08-20-2007 10:26 AM - edited 03-10-2019 03:20 PM
Is it possible to force a virus scan prior to giving acces to the network using nac appliance (with or without cca) ?
Also, any way to know when was the last time the machine fully virus scanned ?
Thx
08-20-2007 10:47 AM
Hi Charles,
Yes that is possible with NAC,Please check this NAC demo presentation,
http://www.cisco.com/cdc_content_elements/flash/nac/demo.htm
If user system is infected NAC will put that user in the isolated network.
Also check NAC Faq's
Regards,
~JG
08-20-2007 11:08 AM
Using the CAM GUI, where do you go go configure this ? All I can see is rule for av installation/service/definition. Maybe by the network scanner ?
Thx
08-20-2007 01:02 PM
08-21-2007 04:23 AM
Looks like I must manually choose all virus I wanna scan a pc for ? Is there a plugin like "scan hardrive for any virus" ?
08-21-2007 05:26 AM
Charles,
Yes, that is correct you need to define it.
Go into ---Rules---New AV rule select ANY for antivirus vendor.
Device management-----> Clean Access-----> Network Scanner ---> Plugin Updates
NAC is not for the purpose to scan whole system. AV is used for that purpose. It check and make sure that AV and MS update are up to date.
Regards,
~JG
08-21-2007 06:39 AM
So I cannot be sure that a user pc isn't infect before allowing network access ?
08-21-2007 07:42 AM
NAC FAQ's
Q. Does the Cisco NAC Appliance actually clean, or does it just make sure programs are installed and updated so that machines remain clean?
A. In the case of a failed Windows hotfix, the Cisco NAC Appliance can automatically launch the Windows AutoUpdate tool. If the Cisco NAC Appliance detects an infection or vulnerability, it can push a fix tool to the user (Symantec's MyDoom Fix Tool, for example) and require that user to use it before accessing the network. In addition, any registry setting that is detected can trigger the download of software or scripts that secure the user's device to meet established security policies.
Q. How does the Cisco NAC Appliance work?
A. When a device attempts to log onto the network, the Cisco NAC Appliance requests authentication credentials and identifies what kind of device it is. Depending on the role of the user, a posture assessment is performed based on the requirements of the network. If the device is found to be noncompliant, the Cisco NAC Appliance redirects the machine to a quarantine area where the user can perform the necessary downloads to update the machine. The machine is then rescanned and, if compliant, is granted access to the network.
Q. What kind of scans does the Cisco NAC Appliance perform?
A. The Cisco NAC Appliance performs network- and agent-based scans. Network-based scans look for network vulnerabilities such as remote-procedure call (RPC) buffer overflows or messenger buffer overflows. Agent-based scans check a user's system registry, file system, and system memory for specific services and applications.
Hope that helps
~Jg
08-21-2007 07:45 AM
Thx, that all clear now !
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide